Mikkel Schnack Sales Director - PowerPoint PPT Presentation

1 / 41

About This Presentation

Title:

Mikkel Schnack Sales Director

Description:

Role system compliant with J2EE. June 13, 1999. Websydian Security Model. June 13, 1999 ... Used in J2EE development for requirements gathering ... – PowerPoint PPT presentation

Number of Views:34

Avg rating:3.0/5.0

Slides: 42

Provided by: mikkels6

Category:

more less

Transcript and Presenter's Notes

Title: Mikkel Schnack Sales Director

1
Websydian 6.0

Mikkel Schnack Sales Director
Websydian A/S
Denmark

2
Session Abstract

This session will provide
Overview of Websydian concepts and background
Introduction to Websydian v6.0
Introduction to the Websydian off-the-shelf web
site Websydian Express v2.0
The main features and benefits of Websydian
Express will be explained and demonstrated live
on the Internet

3
Websydian A/S

Founded in 1985
Headquarters in Copenhagen, Denmark
100 dedicated to model-based development
working smarter not harder
Using AllFusion 2E since 1989
Using AllFusion Plex since 1994
More than 200 customers in 35 countries worldwide
First version of Websydian was released 1998
First version of Websydian Express was released
2005

4
Websydian A/S

CA and Websydian A/S are strategic partners in
delivering complete solutions since 2000. The
goal is to handle the challenges of quick and
reliable development of robust and secure Web,
Wireless and Web Service Applications.
Websydian target the Java, Windows and IBM System
i (the former AS400) platforms

5
Agenda

Why Websydian?
Companies e-business requirements
Websydian Product Suite Overview
Websydian v 6.0
Websydian Express v2.0 demo

6
Why Websydian?

According to Gartner
more than 80 of all e-business projects run

Over budget

Over time

Off track

7
Why Websydian?

Why?

Because there is too little time to reflect on
what you actually need in order to make a secure,
user friendly, transactional e-business site.

And
The business needs change over time!
8
Why Websydian?
The requirements you see Business processes
9
Why Websydian?
The requirements you see Business processes

What you also need
SOX complience
Documentation
Internet security
Knowledge about internet technology
....

10
Why Websydian?
Time for reflection

Tools and products, which allows you to focus on
development of business processes

Using existing business logic and developer skills

Reduced development time
11
Websydian Philosophy
Your focus
Websydian focus
12
How does Websydian provide this?

Model-based development which facilitate
Focus on the business transactions
Business rules enforcement
Documentation
SOX
High productivity
Easy and fast maintenance and up-date of
applications
Websydian handles the underlying internet
technology which
Means that only one developer skill-set is
needed.
Provides a complete security model.

13
e-business requirements
14
The security challenge - Back office
15
The security challenge Back office gt e-business
16
The companies requirements

When bringing interactive business processes in
front of customer/partners companies require
e-business that integrates with existing systems
Strong coherent security
Sufficient performance
Ability to keep up with new technologies and
quickly satisfy new business requirements
Smooth e-business development process
Driven by customer demands

17
Customer requirements

In relation to e-business your customers want
Secure and easy access to real time information
Visibility into the business processes
Control over the processes
Customer definitions of value are based on
Security
Speed
Customer process fit
Convenience

18
Websydian Overview
19
Websydian Product Suite Overview

20
Websydian Product Suite Overview

Websydian provides similar development
functionalities/patterns for e-business
development as Plex provides for green
screen/Client-Server development!
hiding the underlying e-business technologies!

21
Websydian v6.0

Release in June-July/December
Main features
Supports Plex 6.0 calling C server functions
Completing the Web-Services part of Websydian
TransacXML (Dec.)
Support for WSDL/Schema import
Full support for RPC based web services
Websydian Express 2.0 roles and custom fields

22
Websydian, Plex 6.0 and .Net
Phase 1 (Websydian v 6.0)

Websydian supports Plex 6.0
Adjusting C code to Visual Studio 2005 compiler
Allows calls to C database server functions in
Plex 6.0
Phase 2
Websydian for C (generation of C client code)
Websydian/Websydian Express deployes in .NET
environment
Beyond phase 2
Integration with ASP.NET
Websydian Express for C

23
Web Services support in Websydian v 6.0
24
Web Services support in Websydian v 6.0
25
WSDL support in Websydian v 6.0
WSDL
WSDL
UDDI
Export
?
?
Import
Web Services in action
Publish
Subscribe
SOAP Over HTTP
Web Service Publisher
Web Service Subscriber
Invoke
Response
26
Websydian Express v.2.0
27
With WebsydianExpress you get

Flexible web page structure off-the-shelf!
A sample web site to be modified
An empty web site ready-to-use
Frame-based page layout
Best practice page layouts out-of-the-box

28
Demo which can be seen live on www.Websydian.com
29
With WebsydianExpress you get

Security
Session control
User management system
Login facility
Role system compliant with J2EE

30
Websydian Security Model
31
OWASP

OWASP (Open Web Application Security Project)
Non-profit organization
Community for sharing information about web
application security
The OWASP Top Ten
The 10 most critical web application security
flaws
How to avoid the security flaws
httt//www.owasp.org

32
OWASP 2006 Top Ten

Un-validated Parameters
Broken Access Control
Broken Account and Session Management
Cross-Site Scripting Flaws
Buffer Overflows
Command Injection Flaws
Error Handling Problems
Insecure Storage - Insecure Use of Cryptography
Application Denial of Service
Insecure Configuration Management- Server
mis-configuration

33
OWASP 2006 Top Ten and Websydian

Un-validated Parameters
Broken Access Control
Broken Account and Session Management
Cross-Site Scripting Flaws
Buffer Overflows
Command Injection Flaws
Error Handling Problems
Insecure storages- Insecure Use of Cryptography
Application Denial of Service !
Insecure Configuration Management- Server
mis-configuration

34
Role based Security Model

Roles e.g. SalesRep, Accountant, Customer
Role-based security obtained through a
combination of two security methods
Security by Declaration
Access privileges declared by role
Programmatic security by role or user within
methods
If ltusergt in ltrolegt then
If ltusergt equal to ltuser_idgt then

35
Declarative Security - Example
Declared access privileges by roles
Declarative Security
ltAdministratorgt
Invoice func
ltSales Repgt
Create Invoice
ltCustomergt
ltSales Repgt
View Invoice
ltAccountantgt

Challenge Not all customers are allowed to
access all invoices!
Fine grained access control needed
Addressed by Programmatic Security

36
Security Roles Example

UML Use Cases
Used in J2EE development for requirements
gathering
Each use case (bubble) describes a function in
the application, which will be accessed by a user
Actors describes the roles of the users who will
be using a certain function
Actors of use case diagrams maps well to J2EE
role-based security

37
(No Transcript)
38
With Websydian Express you get

Usability
Web site out of the box
Installation Service (installation wizard plus
phone support if needed)
Separate web based administration module
User management
Custom field (you can easily grow your needs!)
A number of Self Contained Business Processes
generic for e-business development

39
(No Transcript)
40
(No Transcript)
41
With WebsydianExpress you get

Strong support for the configuration of the
e-business work-flow
Prototyping during the design phase
supports a process-centric methodology
Better dialogue and alignment of expectations
between business/IT - you can develop prototypes
during discussion
Prototyping during production
Business processes can be designed, developed and
tested without being showed to the public
Enables plug-in of new self contained processes
Great reduction in test